CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

Smart phone attacks latest threat to corporate networks

Posted:  March 25, 2010 by Toney Jennings

If securing our enterprise wasn’t already a full-time job, smart phones are becoming a popular platform for hackers to penetrate larger company systems. In Bill Brenner’s article, “Smart Phone Attacks: Here and Now,” he writes that after years of anticipating smart phone threats we’ve finally come to a point where we can no longer ignore them.

Smart phone threats have been looming for years. But with more people now using their BlackBerry’s and iPhones like their home computers and laptops to surf the Internet, trade files and potentially open infected email attachments, their phones can fall prey to viruses and malware that steal sensitive information such as credit card and Social Security numbers. Brenner writes:

“With all this happening, the bad guys now have reason to shift their attention and create new flavors of mobile malware. With so many of these devices hooked to company networks for access to e-mail and other programs, attacks on the phones can now be used to penetrate larger company systems. In other words, it’s time for IT security practitioners to start paying attention and making plans.”

Google’s head of Android security, Rich Cannings, agrees. He said phone attacks are not a thing of the future. They are upon us. And as smart phones grow in popularity, so will the number of attacks. “The smartphone OS will become a major security target. Personally, I think this will become an epiphany to malware authors.”

And one doesn’t have to look far to see how quickly this can be done. An article published today reported how a security analyst was able to successfully exploit Apple’s Safari browser on a MacBook Pro on the first day of a Pwn20wn contest, which awarded the winner the hardware they successfully attacked. It appears that these hacks involved a payload first being deposited before executing. Application whitelisting would have stopped them from running in the first place.

Compounding the problem is the fact that the growing number of applications on smart phones leave the same security holes wide open. With more mobile devices now being used to access corporate networks, security professionals need to consider how they can protect their systems from growing mobile threats.

Please use the comment form and leave your thoughts!

Faulty Windows update causes more frustrations for PC users

Posted:  March 23, 2010 by Toney Jennings

On Saturday, a faulty update for 64-bit Windows systems caused the BitDefender anti-virus software to flag thousands of legitimate Windows and BitDefender files as potential threats to the system. According to an article by Brian Krebs, “Bad BitDefender Antivirus Update Hobbles Windows PCs,” the glitch caused quite a stir with users who expressed their concerns on the antivirus firm’s Twitter page.

BitDefender later issued a statement to users saying it was creating a patch that would restore the quarantined files. The company also posted a partial recovery for users to follow, but that was met with more disconcerting Tweet’s from users saying that after following the instructions they were still unable to boot up their computers.

To make matters worse, BitDefender has also reportedly warned users that malware writers are issuing fake downloads that fix the problem. The company is advising users to download the fix only from its website.

This story appears to be another example of the escalating problems antivirus solutions are experiencing with bad system updates. The inability to effectively stop malicious code from exploiting system vulnerabilities is causing more work and frustrations for security professionals and users, alike. Including application whitelisting as part of a company’s endpoint security strategy not only prevents malicious code from executing, but also eliminates the risks that can accompany updates.

Most recent comment:   Greg Newman

Ahhhh, you guys are trying to make it EASY on everybody. Great! And then WHAT are we gonna do with ...

Cyber attacks top terrorism as biggest concern for Indian companies

Posted:  March 18, 2010 by Toney Jennings

Escalating revenue losses from cyber crimes and understaffed network security teams have Indian companies more concerned about cyber attacks than terrorism.

In the article, “Cyber attacks worry firms more than terrorism,” the “2010 State of Enterprise Security Study” conducted by Symantec Software Solutions Pvt. Ltd. found that 42% of companies representing industries such as telecom, hospitality, manufacturing, retail and technology perceive cyber attacks as the biggest threat to their enterprises.

One reason cited was the lack of adequate network security. Over the past year, 66% of companies surveyed said they had experienced cyber intrusions while 51% reported repeated attacks. The study also pointed out that deployment of enterprise security has turned into a difficult task for many organizations. Said Vishal Dhupar, managing director at Symantec:

“Enterprise security is understaffed and the most affected areas in organizations are network security, web security and data-loss prevention. To tackle the issue, companies need to secure their messaging and web environments and defending critical internal servers. They should also have the ability to back up and recover data and respond to threats rapidly.

With the rise in malicious attacks targeting sectors that can have a significant impact on India’s economy, one has to wonder if cyber attacks and terrorism weren’t one in the same. As I mentioned in a recent blog, “Are we in a cyberwar or not?” cyber threats continue to have a growing impact on our nation’s economy and global competitiveness. Although U.S. Cyber Czar, Howard Schmidt, may not think we are engaged in cyber warfare, the impacts from targeted attacks are being felt everywhere, and are top IT concerns for many organizations and nations around the world.

Please use the comment form and leave your thoughts!

NSS test demonstrates 86% anti-virus fails to protect against Operation Aurora variants

Posted:  March 16, 2010 by Toney Jennings

A recent study by NSS Labs revealed just how ineffective some of today’s top anti-virus software solutions are at stopping one of the most highly profiled and successful cyber attacks of 2010. According to the article, “More Anti-Virus Fail,” NSS Labs created variants of the Operation Aurora attack to see how many AV products caught the malicious code. The result: Only one out of the seven products tested correctly thwarted multiple exploits and malicious code payloads.

This says a lot about the current state of the AV industry. With so many new viruses and malware variants successfully bypassing security solutions, it is time to shift our way of thinking about how to protect our networks from new and unknown forms of malware and viruses.

With online crime losses doubling in 2009, we simply can’t afford to rely solely on AV software to protect our critical infrastructures from the countless number of malware variants out there. If these solutions are already losing the battle against highly visible malware, I can’t imagine the success rate of stopping unknown attacks would be any better.

As an example of how the industry currently looks at these problems, NSS Labs’ CTO, Vikram Phatak, said: “There are many ways to possibly exploit a vulnerability, and rather than focusing on every attack method, vendors need to focus on [shielding] the vulnerability itself.”

Vikram is correct in pointing out that you can’t defend against every attack method, but focusing on protecting against exploitation of the vulnerability is reactive, and a failure as well. This still leaves companies open to newly discovered vulnerabilities, relies on reactive patching and security system updates, and will ultimately fall on its face. We need to completely rethink our approach to endpoint security that begins with a foundation of whitelisting that would defeat new malware completely independently of the vulnerability or attack.

Please use the comment form and leave your thoughts!

Are we in a cyberwar or not?

Posted:  March 11, 2010 by Toney Jennings

I continue to hear various viewpoints about whether or not we are in a cyberwar. Recently, our friend, Howard Schmidt was quoted in the article, “White House Cyber Czar: ‘We are not in a cyberwar’,” that we are not in a cyberwar. His stance is cyberwar is “a terrible metaphor” where there are no winners. While I can certainly respect that, there are also a number of opposing views and supporting statistics that say otherwise.

One comes from the former director of national intelligence, Michael McConnell, who recently testified in Congress by saying the country is already in the midst of a cyberwar — and losing it at that. This comes on the heels of growing speculation from experts that say the Chinese government was behind the recent cyberattacks targeting U.S. government Web sites, Google, and dozens of other U.S. companies. This, of course, raises the question: “If we aren’t already in a cyberwar, are we headed toward one?”

Larry Wortzel, a member of the U.S.-China Economic and Security Review Commission, said in the article, “Expert says Chinese government likely behind massive cyberattacks,” that whether the Chinese government or independent hackers in China were responsible for the recent attacks, we are seeing “persistent, systematic and sophisticated attacks” that are clearly targeting U.S. military, technical and scientific information. Similar trends released at RSA Conference and reported in the story, “Chinese hacks attacks said likely to recur,” said an increase in Internet attacks from China could double if the pace during the first two months of 2010 continues.

People often ask me, given my military background and experience fighting cyber crime, are we in a cyberwar or not? To me, whether or not we are is irrelevant. What defines cyber warfare? What’s important is that we are aware of what is going on and our government and the private sector are doing everything they can to ensure our cyber security. I commended President Obama last October when he said that cyber threats were one of the most serious economic and national security challenges we face as a nation. The fact is, cyber crime has already cost U.S. companies billions of dollars. If these trends aren’t stopped, cyber crime will continue to have a growing impact on both our economy and global competitiveness.

Ensuring our cyber security comes down to one thing — preparedness. The more we understand, and the more proactive steps the government and private sector take independently and collectively, are vital to defending our networks, national assets and critical infrastructures from any type of attack, whether we are in a cyberwar or not.

Most recent comment:   Cyber attacks top terrorism as biggest concern for Indian companies — CoreTrace WhiteSpace

[...] if cyber attacks and terrorism weren’t one in the same. As I mentioned in a recent blog, “Are we ...